Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of Claims: 

1. (Currently Amended) A computer network, comprising:

a client and a server connected by a network connection, wherein the client has a userid and a 
password associated with the client; 

wherein the client requests access to the server by sending a first set of values to the server,
wherein the first set of values includes a client-generated random value, a large prime number, a primitive
root of the large prime number, and a large random integer less than the large prime number minus one;

wherein the server responds to the client by generating a one-time challenge token that depends at
least on a [[first]] server-generated random value and sending the challenge token to the client, wherein
the server generates the challenge token by exclusive-oring the server-generated random value with a first
hash, and wherein the first hash is a hash of the primitive root of the large prime number raised to a
power, a digest of the client's userid and password, and the client-generated random value;

wherein the client retrieves the [[first]] server-generated random value from the challenge token 
and sends the [[first]] server-generated random value and the userid to the server; 

wherein the server verifies the received [[first]] server-generated random value from the client is
correct by comparing the server-generated random value received from the client with the server's stored
value of the server-generated random number, and if so, the server generates a one-time authentication
token and sends it to the client, giving it permission to access the server;

wherein the client verifies the validity of the one-time authentication token received from the
server;

wherein if the client verifies that the one-time authentication token from the server is valid, the
client changes the password by computing a hash of the userid and a new password to form a new digest,
creating a mask, computing a message authentication code, and by exclusive-oring the mask with the new
digest to form a result, and sending the result, the userid, and the message authentication code to the
server;

wherein the server retrieves the new digest by exclusive-oring the mask with the received result,
and wherein the server verifies the received message authentication code; and

wherein if the received message authentication code is verified, the server changes the client 
password by replacing a digest of at least the old password with a digest of at least the new password. 

(Canceled)



9. (Currently Amended) A computer program product in a computer readable medium, comprising:

a client and a server connected by a network connection, wherein the client has a userid and a
password associated with the client;

first instructions whereby the client requests access to the server by sending a first set of values to
the server, wherein the first set of values includes a client-generated random value, a large prime number,
a primitive root of the large prime number, and a large random integer less than the large prime number
minus one;

second instructions whereby the server responds to the client by generating a one-time challenge
token that depends at least on a [[first]] server-generated random value and sending the challenge token to
the client, wherein the server generates the challenge token by exclusive-oring the server-generated
random value with a first hash, and wherein the first hash is a hash of the primitive root of the large prime
number raised to a power, a digest of the client's userid and password, and the client-generated random
value;

third instructions whereby the client retrieves the [[first]] server-generated random value from the 
challenge token and sends the [[first]] server-generated random value and the userid to the server; 

fourth instructions whereby the server verifies the received [[first]] server-generated random
value from the client is correct by comparing the server-generated random value received from the client
with the server's stored value of the server-generated random number, and if so, the server generates a
one-time authentication token and sends it to the client, giving it permission to access the server;

fifth instructions whereby the client verifies the validity of the one-time authentication token 
received from the server; 

sixth instructions whereby if the client verifies that the one-time authentication token from the
server is valid, the client changes the password by computing a hash of the userid and a new password to
form a new digest, creating a mask, computing a message authentication code, and by exclusive-oring the
mask with the new digest to form a result, and sending the result, the userid, and the message
authentication code to the server;

seventh instructions whereby the server retrieves the new digest by exclusive-oring the mask with
the received result, and wherein the server verifies the received message authentication code; and

eighth instructions whereby the server changes the client password by replacing a digest of at
least the old password with a digest of at least the new password if the received message authentication
code is verified.

17. (Currently Amended) A method of authenticating a client with a server across a network
connection, comprising the steps of:

requesting, by the client, access to the server by sending a first set of values to the server, wherein
the first set of values includes a client-generated random value, a large prime number, a primitive root of
the large prime number, and a large random integer less than the large prime number minus one;

responding, by the server, to the client by generating a one-time challenge token that depends on
at least a [[first]] server-generated random value and sending the challenge token to the client, wherein
the server generates the challenge token by exclusive-oring the server-generated random value with a first
hash, and wherein the first hash is a hash of the primitive root of the large prime number raised to a
power, a digest of the client's userid and password, and the client-generated random value;

retrieving, by the client, the [[first]] server-generated random value from the challenge token; 

sending, by the client, the [[first]] server-generated random value and a userid of the client to the
server;

verifying, by the server, the received [[first]] server-generated random value from the client is
correct by comparing the server-generated random value received from the client with the server's stored
value of the server-generated random number;

if the [[first]] server-generated random value from the client is verified by the server, generating a
one-time authentication token by the server;

sending, by the server, the one-time authentication token to the client to thereby give the client
permission to access the server;

verifying, by the client, the validity of the one-time authentication token received from the server;

if the client verifies that the one-time authentication token from the server is valid, changing, by 
the client, the password by computing a hash of the userid and a new password to form a new digest, 
creating a mask, computing a message authentication code, and by exclusive-oring the mask with the new 
digest to form a result; 

sending, by the client, the result, the userid, and the message authentication code to the server;

retrieving, by the server, the new digest by exclusive-oring the mask with the received result;

verifying, by the server, the received message authentication code; and

if the received message authentication code is verified, changing, by the server, the client
password by replacing a digest of at least the old password with a digest of at least the new password.
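
The exchange recited in claims 1, 9 and 17, traced end to end as an added illustration; this code is not part of the application and is not the applicant's implementation. Assumptions, since the claims do not fix them: SHA-256 and HMAC-SHA256 as the hash and message authentication code, the "power" being the client's random integer, the userid accompanying the first request, the constructions of the authentication token, the mask and the MAC key, and a toy prime 2^31 - 1 with primitive root 7 in place of a large prime.

```python
import hashlib, hmac, secrets

P, G = 2**31 - 1, 7  # toy prime and primitive root; the claims call for a large prime

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (hash choice is an assumption)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def digest(userid: str, password: str) -> bytes:
    return H(userid.encode(), password.encode())

def first_hash(x: int, d: bytes, rc: bytes) -> bytes:
    # Hash of g^x mod p, the userid/password digest, and the client random value
    return H(pow(G, x, P).to_bytes(4, "big"), d, rc)

def run_exchange(store: dict, userid: str, typed_pw: str, new_pw: str) -> bool:
    """Run login plus password change; True if the server replaced the digest."""
    # Client -> server: rc, p, g, x (userid sent here too: assumption)
    rc, x = secrets.token_bytes(32), secrets.randbelow(P - 2) + 1
    # Server -> client: challenge = rs XOR first hash
    rs = secrets.token_bytes(32)
    challenge = xor(rs, first_hash(x, store[userid], rc))
    # Client unmasks rs with its own digest and returns it with the userid
    d_client = digest(userid, typed_pw)
    rs_client = xor(challenge, first_hash(x, d_client, rc))
    # Server compares against its stored rs in constant time
    if not hmac.compare_digest(rs_client, rs):
        return False
    # Server -> client: one-time authentication token (construction assumed)
    token = H(b"auth", rs, store[userid])
    if not hmac.compare_digest(token, H(b"auth", rs_client, d_client)):
        return False
    # Client: mask the new digest and MAC the message (mask/MAC keying assumed)
    mask = H(b"mask", rs_client, d_client)
    result = xor(mask, digest(userid, new_pw))
    mac = hmac.new(mask, userid.encode() + result, hashlib.sha256).digest()
    # Server: rebuild the mask, verify the MAC, then replace the stored digest
    s_mask = H(b"mask", rs, store[userid])
    expect = hmac.new(s_mask, userid.encode() + result, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expect):
        return False
    store[userid] = xor(s_mask, result)
    return True
```

In this sketch the stored digest alone suffices to unmask the challenge, so the server-side digest store needs the same protection as the passwords themselves.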